<div dir="ltr">Sorry to bombard, but the plot thickens. it all works find on linux chrome ( centos 7) but windows 10/2022 server chrome you get the error <div><br></div><div>i did not think anything in squid is os specific</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 11 Aug 2022 at 21:41, Adam Barnett <<a href="mailto:abarnett@belofx.com">abarnett@belofx.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I have finally managed to get hold of someone from Epic Games and they took a look over their secret logs and said that it looks like squid is dropping/closing the connection too soon<div><br></div><div>Any suggestions on what i can change to keep the connection open or from dropping</div><div><br></div><div>Thanks</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 5 Aug 2022 at 15:57, Alex Rousskov <<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 8/5/22 05:10, Adam Barnett wrote:<br>
> maybe i am doing something wrong, here is my config<br>
<br>
> ssl_bump splice ...<br>
> ssl_bump bump dst_quixel<br>
> ssl_bump peek dst_quixel<br>
> ssl_bump stare dst_quixel<br>
<br>
<br>
The combination of the last three ssl_bump rules does not make sense <br>
because Squid will never reach those peek and stare rules. The bump rule <br>
can be applied during any SslBump step, so Squid will not see any <br>
same-ACL ssl_bump directives below it -- the first matching rule (that <br>
can be applied during the current step) wins.<br>
<br>
I do not know what logic you are trying to express with those rules, but <br>
the above configuration does not express that (or any) logic well. I <br>
hope Eliezer can guide you towards a reasonable solution here.<br>
<br>
<br>
HTH,<br>
<br>
Alex.<br>
<br>
<br>
<br>
> <br>
> On Thu, 4 Aug 2022 at 22:58, <<a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a> <br>
> <mailto:<a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a>>> wrote:<br>
> <br>
>     Please don’t bang your head… everybody is here for you.____<br>
> <br>
>     Sometimes it takes time to respond but you will get your answers.____<br>
> <br>
>     __ __<br>
> <br>
>     <a href="https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz" rel="noreferrer" target="_blank">https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz</a><br>
>     <<a href="https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz" rel="noreferrer" target="_blank">https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz</a>>____<br>
> <br>
>     __ __<br>
> <br>
>     Is not the fastest connection and it has a blacklist in the DB dump<br>
>     so for now it’s a production system but works good enough for me.____<br>
> <br>
>     I hope it’s not too much information in the support save file.____<br>
> <br>
>     __ __<br>
> <br>
>     Let me know if it makes more sense for you.____<br>
> <br>
>     AlsoI am happy that you have asked this question since now others<br>
>     can enjoy from the answer 😊____<br>
> <br>
>     __ __<br>
> <br>
>     Eliezer____<br>
> <br>
>     __ __<br>
> <br>
>     ----____<br>
> <br>
>     Eliezer Croitoru____<br>
> <br>
>     NgTech, Tech Support____<br>
> <br>
>     Mobile: +972-5-28704261____<br>
> <br>
>     Email: <a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a> <mailto:<a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a>>____<br>
> <br>
>     Web: <a href="https://ngtech.co.il/" rel="noreferrer" target="_blank">https://ngtech.co.il/</a> <<a href="https://ngtech.co.il/" rel="noreferrer" target="_blank">https://ngtech.co.il/</a>>____<br>
> <br>
>     My-Tube: <a href="https://tube.ngtech.co.il/" rel="noreferrer" target="_blank">https://tube.ngtech.co.il/</a> <<a href="https://tube.ngtech.co.il/" rel="noreferrer" target="_blank">https://tube.ngtech.co.il/</a>>____<br>
> <br>
>     __ __<br>
> <br>
>     *From:*Adam Barnett <<a href="mailto:abarnett@belofx.com" target="_blank">abarnett@belofx.com</a> <mailto:<a href="mailto:abarnett@belofx.com" target="_blank">abarnett@belofx.com</a>>><br>
>     *Sent:* Friday, 5 August 2022 0:44<br>
>     *To:* <a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a> <mailto:<a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a>><br>
>     *Cc:* <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
>     <mailto:<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>><br>
>     *Subject:* Re: [squid-users] Squid and Epic Games HCapctca____<br>
> <br>
>     __ __<br>
> <br>
>     Sure, the more the beter, ive been banging my head against the wall<br>
>     for a while on this____<br>
> <br>
>     __ __<br>
> <br>
>     Adam ____<br>
> <br>
>     __ __<br>
> <br>
>     On Thu, 4 Aug 2022 at 22:41, <<a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a><br>
>     <mailto:<a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a>>> wrote:____<br>
> <br>
>         You are welcome.____<br>
> <br>
>         ____<br>
> <br>
>         I wrote an app that does everything for me so I just need to<br>
>         dump the database into a:____<br>
> <br>
>         ssl::server_namedirective____<br>
> <br>
>         ____<br>
> <br>
>         it’s basically:____<br>
> <br>
>         ## START____<br>
> <br>
>         aclNoBump_server_name ssl::server_name<br>
>         "/etc/squid/no-ssl-bump-server-name.list"____<br>
> <br>
>         ____<br>
> <br>
>         acltls_to_splice any-of inspect_only NoBump_src<br>
>         NoBump_server_name NoBump_server_regex_by_urls_domain<br>
>         NoBump_server_regex____<br>
> <br>
>         ____<br>
> <br>
>         ssl_bumppeek app_matcher_helper____<br>
> <br>
>         ssl_bumppeek tls_s1_connect____<br>
> <br>
>         ____<br>
> <br>
>         ssl_bumpbump app_matcher_helper____<br>
> <br>
>         ssl_bumpbump app_reader_helper____<br>
> <br>
>         ssl_bumpbump deny_note____<br>
> <br>
>         ____<br>
> <br>
>         ssl_bumpsplice app_matcher_helper____<br>
> <br>
>         ssl_bumpsplice tls_to_splice____<br>
> <br>
>         ____<br>
> <br>
>         ssl_bumpstare app_matcher_helper____<br>
> <br>
>         ssl_bumpstare tls_s2_client_hello____<br>
> <br>
>         ____<br>
> <br>
>         ssl_bumpbump app_matcher_helper____<br>
> <br>
>         ssl_bumpbump tls_to_bump____<br>
> <br>
>         ## END____<br>
> <br>
>         ____<br>
> <br>
>         If you want I can upload a snippet of the whole setup dump with<br>
>         hope you could make use of it.____<br>
> <br>
>         ____<br>
> <br>
>         Eliezer____<br>
> <br>
>         ____<br>
> <br>
>         ----____<br>
> <br>
>         Eliezer Croitoru____<br>
> <br>
>         NgTech, Tech Support____<br>
> <br>
>         Mobile: +972-5-28704261____<br>
> <br>
>         Email: <a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a> <mailto:<a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a>>____<br>
> <br>
>         Web: <a href="https://ngtech.co.il/" rel="noreferrer" target="_blank">https://ngtech.co.il/</a> <<a href="https://ngtech.co.il/" rel="noreferrer" target="_blank">https://ngtech.co.il/</a>>____<br>
> <br>
>         My-Tube: <a href="https://tube.ngtech.co.il/" rel="noreferrer" target="_blank">https://tube.ngtech.co.il/</a> <<a href="https://tube.ngtech.co.il/" rel="noreferrer" target="_blank">https://tube.ngtech.co.il/</a>>____<br>
> <br>
>         ____<br>
> <br>
>         *From:*Adam Barnett <<a href="mailto:abarnett@belofx.com" target="_blank">abarnett@belofx.com</a><br>
>         <mailto:<a href="mailto:abarnett@belofx.com" target="_blank">abarnett@belofx.com</a>>><br>
>         *Sent:* Friday, 5 August 2022 0:26<br>
>         *To:* <a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a> <mailto:<a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a>><br>
>         *Cc:* <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
>         <mailto:<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>><br>
>         *Subject:* Re: [squid-users] Squid and Epic Games HCapctca____<br>
> <br>
>         ____<br>
> <br>
>         תודה רבה<br>
>         It looks like you are using a database and then building the<br>
>         config from that? any cahnce you can send me the snippet of the<br>
>         config instead of the DB bits? ? ____<br>
> <br>
>         ____<br>
> <br>
>         Thanks again ____<br>
> <br>
>         ____<br>
> <br>
>         Adam ____<br>
> <br>
>         ____<br>
> <br>
>         On Thu, 4 Aug 2022 at 22:18, <<a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a><br>
>         <mailto:<a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a>>> wrote:____<br>
> <br>
>             Hey Adam,____<br>
> <br>
>             ____<br>
> <br>
>             I recorded a video for you on how I do it at:____<br>
> <br>
>             <a href="https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4" rel="noreferrer" target="_blank">https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4</a><br>
>             <<a href="https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4" rel="noreferrer" target="_blank">https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4</a>>____<br>
> <br>
>             ____<br>
> <br>
>             So basically the relevant domains are:____<br>
> <br>
>             ____<br>
> <br>
>             <a href="http://epicgames-download1.akamaized.net" rel="noreferrer" target="_blank">epicgames-download1.akamaized.net</a><br>
>             <<a href="http://epicgames-download1.akamaized.net" rel="noreferrer" target="_blank">http://epicgames-download1.akamaized.net</a>>____<br>
> <br>
>             .<a href="http://epicgames.com" rel="noreferrer" target="_blank">epicgames.com</a> <<a href="http://epicgames.com" rel="noreferrer" target="_blank">http://epicgames.com</a>>____<br>
> <br>
>             .<a href="http://unrealengine.com" rel="noreferrer" target="_blank">unrealengine.com</a> <<a href="http://unrealengine.com" rel="noreferrer" target="_blank">http://unrealengine.com</a>>____<br>
> <br>
>             ____<br>
> <br>
>             And you can peek at robert k Wild mail: “regex for normal<br>
>             websites”____<br>
> <br>
>             ____<br>
> <br>
>             And it contains the relevant technical details.____<br>
> <br>
>             If for any reason you need a more detailed answer let me<br>
>             know.____<br>
> <br>
>             ____<br>
> <br>
>             Yours,____<br>
> <br>
>             Eliezer ____<br>
> <br>
>             ____<br>
> <br>
>             ----____<br>
> <br>
>             Eliezer Croitoru____<br>
> <br>
>             NgTech, Tech Support____<br>
> <br>
>             Mobile: +972-5-28704261____<br>
> <br>
>             Email: <a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a> <mailto:<a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a>>____<br>
> <br>
>             Web: <a href="https://ngtech.co.il/" rel="noreferrer" target="_blank">https://ngtech.co.il/</a> <<a href="https://ngtech.co.il/" rel="noreferrer" target="_blank">https://ngtech.co.il/</a>>____<br>
> <br>
>             My-Tube: <a href="https://tube.ngtech.co.il/" rel="noreferrer" target="_blank">https://tube.ngtech.co.il/</a><br>
>             <<a href="https://tube.ngtech.co.il/" rel="noreferrer" target="_blank">https://tube.ngtech.co.il/</a>>____<br>
> <br>
>             ____<br>
> <br>
>             *From:*squid-users<br>
>             <<a href="mailto:squid-users-bounces@lists.squid-cache.org" target="_blank">squid-users-bounces@lists.squid-cache.org</a><br>
>             <mailto:<a href="mailto:squid-users-bounces@lists.squid-cache.org" target="_blank">squid-users-bounces@lists.squid-cache.org</a>>> *On<br>
>             Behalf Of *Adam Barnett<br>
>             *Sent:* Thursday, 4 August 2022 14:28<br>
>             *To:* <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
>             <mailto:<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>><br>
>             *Subject:* [squid-users] Squid and Epic Games HCapctca____<br>
> <br>
>             ____<br>
> <br>
>             Hi All, ____<br>
> <br>
>             ____<br>
> <br>
>             I am trying to get squid to allow me to login to<br>
>             Epicgames.com with my epic login, i get to the login page<br>
>             and get the hcaptca images and everytime i get "invalid<br>
>             response" ____<br>
> <br>
>             ____<br>
> <br>
>             i looked at the headers and the only error that i can see is<br>
>             "The cache information is missing from the entry" ____<br>
> <br>
>             ____<br>
> <br>
>             My config looks like so<br>
> <br>
>             workers 2<br>
> <br>
>             ```<br>
>             # Leave coredumps in the first cache dir<br>
>             coredump_dir /var/spool/squid<br>
> <br>
>             http_port 3128 ssl-bump  dynamic_cert_mem_cache_size=16MB<br>
>               generate-host-certificates=on<br>
>             cert=/etc/squid/certs/squid-ca-cert-key.pem<br>
> <br>
>             sslcrtd_program /usr/lib64/squid/security_file_certgen -s<br>
>             /var/spool/squid/ssl -M 16MB<br>
>             dns_nameservers 10.5.1.2 8.8.8.8<br>
>             visible_hostname foo-proxy-1<br>
>             forwarded_for truncate<br>
>             via off<br>
> <br>
>             # Send to file<br>
>             access_log daemon:/var/log/squid/access.log<br>
> <br>
> <br>
> <br>
>             acl CONNECT method CONNECT<br>
>             acl local src <a href="http://10.0.0.0/8" rel="noreferrer" target="_blank">10.0.0.0/8</a> <<a href="http://10.0.0.0/8" rel="noreferrer" target="_blank">http://10.0.0.0/8</a>><br>
>             always_direct allow all<br>
>             request_header_add X-GoogApps-Allowed-Domains "<a href="http://foo.com" rel="noreferrer" target="_blank">foo.com</a><br>
>             <<a href="http://foo.com" rel="noreferrer" target="_blank">http://foo.com</a>>" all<br>
> <br>
>             memory_replacement_policy heap GDSF<br>
>             maximum_object_size 100 KB<br>
>             maximum_object_size 1 MB<br>
> <br>
>             cache allow all<br>
>             cache_mem 256 MB<br>
>             cache_dir rock /var/spool/squid 1024<br>
>             memory_pools off<br>
>             cache_swap_low 90<br>
>             client_persistent_connections on<br>
> <br>
> <br>
>             http_access allow localhost manager<br>
>             http_access deny manager<br>
> <br>
>             # SquidGaurd<br>
>             url_rewrite_program /usr/bin/squidGuard<br>
>             ```<br>
> <br>
>             Any suggestions? ____<br>
> <br>
>             ____<br>
> <br>
>             Thanks____<br>
> <br>
>             Adam Barnett<br>
>             Senior SysAdmin beloFX____<br>
> <br>
>             **____<br>
> <br>
>               <br>
> <br>
>             ____<br>
> <br>
>               <br>
> <br>
>             <a href="mailto:abarnett@belofx.com" target="_blank">abarnett@belofx.com</a><br>
>             <<a href="https://514584150-atari-embeds.googleusercontent.com/embeds/16cb204cf3a9d4d223a0a3fd8b0eec5d/inner-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.dzXZWX9QTbE.O%2Fd%3D1%2Frs%3DAHpOoo_epIQDPHdjFr3MLkazUi2Jmy50dQ%2Fm%3D__features__" rel="noreferrer" target="_blank">https://514584150-atari-embeds.googleusercontent.com/embeds/16cb204cf3a9d4d223a0a3fd8b0eec5d/inner-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.dzXZWX9QTbE.O%2Fd%3D1%2Frs%3DAHpOoo_epIQDPHdjFr3MLkazUi2Jmy50dQ%2Fm%3D__features__</a>>____<br>
> <br>
>             **____<br>
> <br>
>               <br>
> <br>
>             ____<br>
> <br>
>               <br>
> <br>
>             <a href="http://www.belofx.com" rel="noreferrer" target="_blank">www.belofx.com</a> <<a href="http://www.belofx.com/" rel="noreferrer" target="_blank">http://www.belofx.com/</a>>____<br>
> <br>
>             **____<br>
> <br>
>               <br>
> <br>
>             ____<br>
> <br>
>               <br>
> <br>
>             LinkedIn <<a href="http://www.linkedin.com/company/belofx" rel="noreferrer" target="_blank">http://www.linkedin.com/company/belofx</a>>____<br>
> <br>
>             ____<br>
> <br>
> <br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
> <a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></div>
</blockquote></div>